Privacy Policy

1. Who we are.

This Privacy Policy describes how Polaris Ventures (SSM Reg. No. 202603115271), based in Selangor, Malaysia, collects, uses, and protects your personal information when you visit hub.drnanjun.com (and the related project sites) or engage Dr. Nan Jun's services.

This policy is written to comply with the Personal Data Protection Act 2010 ("PDPA") of Malaysia.

2. What we collect.

Information you give us directly

• Identity & contact: name, email address, phone/WhatsApp number.
• Booking & payment: service or programme purchased, transaction reference. Payment card / bank details are processed by our payment provider and not stored by us.
• Health information (where you consent to share it as part of a clinical engagement): your medical history, current symptoms, medications, lab results, lifestyle information, and other clinically relevant data.
• Communications: messages, emails, and notes from sessions.

Information collected automatically

• Basic technical information: IP address, browser type, device type, pages visited, referring URL.
• Cookies and similar technologies (see section 6).

3. How we use it.

We use your personal information to:

• Provide consultations, programmes, mentoring, and digital products.
• Communicate with you about your booking, programme, or enquiry.
• Issue invoices, receipts, and process refunds.
• Maintain clinical records as required by Malaysian law and good clinical practice.
• Improve our website, content, and services.
• Send you updates or marketing communications — only when you have opted in — with an unsubscribe link in every email.
• Comply with legal, regulatory, and tax obligations.

4. Lawful basis.

We rely on one or more of the following lawful bases to process your data:

• Performance of a contract — when you book a service or programme.
• Consent — for marketing emails and for the processing of sensitive (health) information.
• Legal obligation — for tax, accounting, and regulatory record-keeping.
• Legitimate interests — for understanding website usage and improving services, in a way that does not override your rights.

Where consent is the basis, you may withdraw it at any time without affecting the lawfulness of processing already done.

5. Who we share with.

We do not sell your personal information. We share it only with carefully selected service providers, where strictly necessary, to deliver our services:

• Payment processors (e.g., senangPay) — to process your payment and refunds.
• Email and CRM tools (e.g., GoHighLevel) — to manage communications and bookings.
• Cloud hosting and analytics providers — to host the website and understand aggregate usage.
• Professional advisors — accountants, lawyers, and auditors, where required.
• Authorities — where we are legally required to disclose information.

Some of these providers may store data outside Malaysia. Where this happens, we ensure equivalent protections are in place, in line with PDPA requirements.

6. Cookies & analytics.

We use a small number of cookies and analytics tools to:

• Make the website function (essential cookies).
• Understand how visitors use the site, in aggregate (analytics cookies).
• Measure the effectiveness of campaigns we run (advertising/measurement cookies, where used).

You can control cookies through your browser settings. Disabling certain cookies may affect parts of the site.

7. How long we keep it.

• Clinical records: retained for at least 7 years from the last consultation, in line with good clinical practice and Malaysian regulatory expectations.
• Financial / tax records: retained for at least 7 years, as required by Malaysian tax law.
• Marketing data: retained until you unsubscribe or request deletion.
• Website analytics: typically retained for up to 26 months in aggregated form.

8. Security.

We implement reasonable administrative, technical, and physical safeguards to protect your data, including encryption in transit, access controls, and trusted vendors. No method of transmission over the internet is 100% secure; we work in good faith to protect your information.

9. Your rights.

Under the PDPA, you have the right to:

• Access the personal data we hold about you.
• Correct data that is inaccurate or out of date.
• Withdraw consent for processing where consent is the basis (e.g., marketing).
• Object to processing for direct marketing.
• Limit processing in certain circumstances.
• Lodge a complaint with the Personal Data Protection Department of Malaysia.

To exercise any of these rights, contact us using the details in section 11.

10. Changes to this policy.

We may update this Privacy Policy from time to time to reflect changes to our services, technology, or legal requirements. Material changes will be communicated through the website or by email where we have one on file. The "Effective" date at the top tells you when this version came into force.

11. Contact.

For privacy questions, requests, or complaints, contact:

Polaris Ventures
Selangor, Malaysia
Email: [email protected]
WhatsApp: +60 16-209 9390